Re-implement password reset token sending natively
The django version of password reset is broken in multiple way. What's
hurting us in particular is it cannot reset the password of a user where
the old password was generated by a deprecated hasher. Which, of course,
is exactly one of the cases where being able to reset the password is
important.
We still use the same infrastructure, and we use the actual django code
for *changing* the password -- this just replaces the token sender with
something that's a lot simpler and less broken.
projects / pgweb.git / commit